Suspicious activity on the endpoint is usually an indicator that a larger cybersecurity threat or attack is occurring. Your users are continually targeted by various attacks (phishing, malicious websites, session-based attacks and more) that end up playing out on the endpoints inside your organization.

While understanding anomalous behaviors on your endpoints is important, they must also be analyzed within the broader context of events, network activity, and peer-user behavior in order to have the best chance at identifying indicators of compromise (IoCs).

In this integration, Securonix uses the Cylance API to gather real-time attack intelligence from the endpoints across your organization, and leverages this intelligence for threat detection and investigation.

Figure 1: The CylancePROTECT dashboard gives an overall view of threats across the enterprise

Integration Benefits

Combining the capabilities of Securonix and Cylance provides security operations center (SOC) teams with a single-pane view of both cloud and endpoint security events along with the continuous protection and prevention capabilities they need to proactively detect and defeat viruses, malware, ransomware, and other known and unknown (zero-day) threats.

The integrated solution is able to find and prevent known and unknown threats on the endpoint without any impact on the user, and is also able to find complex cyberthreats that span the endpoint, network, and user spaces.

How It Works

CylancePROTECT prevents adversaries from gaining a foothold at the endpoint by detecting and blocking the execution of both file-based and fileless attacks, and by applying policies for device and script control, application control, and memory exploitation protection.

The Securonix Security Analytics Platform uses RESTful APIs to ingest the security event data collected by CylancePROTECT at the endpoint. This includes not only information about suspect files, applications, scripts, and processes, but also event metadata, file attributes and more.

SOC personnel can visualize and interrogate the resulting threat-chain data within the Securonix management dashboard, drilling down and pivoting from one threat indicator to the next to trace and track the infection.

The security team is able to initiate response actions directly from the Securonix console, either as manual threat mitigation and remediation actions or through pre-defined incident response playbooks.

Author: The Cylance Team